Description

A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.

Remediation

References

CVE-2021-35413

Related Vulnerabilities

Oracle Database Server Other Vulnerability (CVE-2007-1442)

WordPress Plugin Bootstrap Categories Gallery Cross-Site Scripting (1.0.1)

WordPress Plugin WordPress Poll Cross-Site Request Forgery (34.05)

WordPress Plugin CM Ad Changer Cross-Site Scripting (1.7.7)

CakePHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3712)

Severity

High

Classification

CVE-2021-35413 CWE-707

Tags

Missing Update Known Vulnerabilities